1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * SMB specific functions 29 */ 30 #include <stdio.h> 31 #include <string.h> 32 #include <ctype.h> 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <zone.h> 36 #include <errno.h> 37 #include <locale.h> 38 #include <fcntl.h> 39 #include <sys/types.h> 40 #include <sys/stat.h> 41 #include <syslog.h> 42 #include "libshare.h" 43 #include "libshare_impl.h" 44 #include <pwd.h> 45 #include <limits.h> 46 #include <libscf.h> 47 #include <strings.h> 48 #include "libshare_smb.h" 49 #include <rpcsvc/daemon_utils.h> 50 #include <smbsrv/smb_share.h> 51 #include <smbsrv/smbinfo.h> 52 #include <smbsrv/libsmb.h> 53 54 /* internal functions */ 55 static int smb_share_init(void); 56 static void smb_share_fini(void); 57 static int smb_enable_share(sa_share_t); 58 static int smb_share_changed(sa_share_t); 59 static int smb_resource_changed(sa_resource_t); 60 static int smb_rename_resource(sa_handle_t, sa_resource_t, char *); 61 static int smb_disable_share(sa_share_t share, char *); 62 static int smb_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 63 static int smb_set_proto_prop(sa_property_t); 64 static sa_protocol_properties_t smb_get_proto_set(void); 65 static char *smb_get_status(void); 66 static int smb_parse_optstring(sa_group_t, char *); 67 static char *smb_format_options(sa_group_t, int); 68 69 static int smb_enable_service(void); 70 71 static int range_check_validator(int, char *); 72 static int range_check_validator_zero_ok(int, char *); 73 static int string_length_check_validator(int, char *); 74 static int true_false_validator(int, char *); 75 static int ip_address_validator_empty_ok(int, char *); 76 static int ip_address_csv_list_validator_empty_ok(int, char *); 77 static int path_validator(int, char *); 78 79 static int smb_enable_resource(sa_resource_t); 80 static int smb_disable_resource(sa_resource_t); 81 static uint64_t smb_share_features(void); 82 static int smb_list_transient(sa_handle_t); 83 84 static int smb_build_shareinfo(sa_share_t, sa_resource_t, smb_share_t *); 85 static sa_group_t smb_get_defaultgrp(sa_handle_t); 86 87 /* size of basic format allocation */ 88 #define OPT_CHUNK 1024 89 90 /* size of string for types - big enough to hold "dependency" */ 91 #define SCFTYPE_LEN 32 92 93 /* 94 * Indexes of entries in smb_proto_options table. 95 * Changes to smb_proto_options table may require 96 * an update to these values. 97 */ 98 #define PROTO_OPT_WINS1 6 99 #define PROTO_OPT_WINS_EXCLUDE 8 100 101 102 /* 103 * ops vector that provides the protocol specific info and operations 104 * for share management. 105 */ 106 107 struct sa_plugin_ops sa_plugin_ops = { 108 SA_PLUGIN_VERSION, 109 SMB_PROTOCOL_NAME, 110 smb_share_init, 111 smb_share_fini, 112 smb_enable_share, 113 smb_disable_share, 114 smb_validate_property, 115 NULL, /* valid_space */ 116 NULL, /* security_prop */ 117 smb_parse_optstring, 118 smb_format_options, 119 smb_set_proto_prop, 120 smb_get_proto_set, 121 smb_get_status, 122 NULL, /* space_alias */ 123 NULL, /* update_legacy */ 124 NULL, /* delete_legacy */ 125 smb_share_changed, 126 smb_enable_resource, 127 smb_disable_resource, 128 smb_share_features, 129 smb_list_transient, 130 smb_resource_changed, 131 smb_rename_resource, 132 NULL, /* run_command */ 133 NULL, /* command_help */ 134 NULL /* delete_proto_section */ 135 }; 136 137 /* 138 * option definitions. Make sure to keep the #define for the option 139 * index just before the entry it is the index for. Changing the order 140 * can cause breakage. 141 */ 142 143 struct option_defs optdefs[] = { 144 {SMB_SHROPT_AD_CONTAINER, OPT_TYPE_STRING}, 145 {SMB_SHROPT_NAME, OPT_TYPE_NAME}, 146 {SHOPT_RO, OPT_TYPE_ACCLIST}, 147 {SHOPT_RW, OPT_TYPE_ACCLIST}, 148 {SHOPT_NONE, OPT_TYPE_ACCLIST}, 149 {NULL, NULL}, 150 }; 151 152 /* 153 * findopt(name) 154 * 155 * Lookup option "name" in the option table and return the table 156 * index. 157 */ 158 static int 159 findopt(char *name) 160 { 161 int i; 162 if (name != NULL) { 163 for (i = 0; optdefs[i].tag != NULL; i++) { 164 if (strcmp(optdefs[i].tag, name) == 0) 165 return (i); 166 } 167 } 168 return (-1); 169 } 170 171 /* 172 * is_a_number(number) 173 * 174 * is the string a number in one of the forms we want to use? 175 */ 176 static boolean_t 177 is_a_number(char *number) 178 { 179 boolean_t isnum = B_TRUE; 180 boolean_t ishex = B_FALSE; 181 182 if (number == NULL || *number == '\0') 183 return (B_FALSE); 184 185 if (strncasecmp(number, "0x", 2) == 0) { 186 number += 2; 187 ishex = B_TRUE; 188 } else if (*number == '-') { 189 number++; 190 } 191 192 while (isnum && (*number != '\0')) { 193 isnum = (ishex) ? isxdigit(*number) : isdigit(*number); 194 number++; 195 } 196 197 return (isnum); 198 } 199 200 /* 201 * check ro vs rw values. Over time this may get beefed up. 202 * for now it just does simple checks. 203 */ 204 205 static int 206 check_rorw(char *v1, char *v2) 207 { 208 int ret = SA_OK; 209 if (strcmp(v1, v2) == 0) 210 ret = SA_VALUE_CONFLICT; 211 return (ret); 212 } 213 214 /* 215 * validresource(name) 216 * 217 * Check that name only has valid characters in it. The current valid 218 * set are the printable characters but not including: 219 * " / \ [ ] : | < > + ; , ? * = \t 220 * Note that space is included and there is a maximum length. 221 */ 222 static boolean_t 223 validresource(const char *name) 224 { 225 const char *cp; 226 size_t len; 227 228 if (name == NULL) 229 return (B_FALSE); 230 231 len = strlen(name); 232 if (len == 0 || len > SA_MAX_RESOURCE_NAME) 233 return (B_FALSE); 234 235 if (strpbrk(name, "\"/\\[]:|<>+;,?*=\t") != NULL) { 236 return (B_FALSE); 237 } 238 239 for (cp = name; *cp != '\0'; cp++) 240 if (iscntrl(*cp)) 241 return (B_FALSE); 242 243 return (B_TRUE); 244 } 245 246 /* 247 * smb_isonline() 248 * 249 * Determine if the SMF service instance is in the online state or 250 * not. A number of operations depend on this state. 251 */ 252 static boolean_t 253 smb_isonline(void) 254 { 255 char *str; 256 boolean_t ret = B_FALSE; 257 258 if ((str = smf_get_state(SMBD_DEFAULT_INSTANCE_FMRI)) != NULL) { 259 ret = (strcmp(str, SCF_STATE_STRING_ONLINE) == 0); 260 free(str); 261 } 262 return (ret); 263 } 264 265 /* 266 * smb_isdisabled() 267 * 268 * Determine if the SMF service instance is in the disabled state or 269 * not. A number of operations depend on this state. 270 */ 271 static boolean_t 272 smb_isdisabled(void) 273 { 274 char *str; 275 boolean_t ret = B_FALSE; 276 277 if ((str = smf_get_state(SMBD_DEFAULT_INSTANCE_FMRI)) != NULL) { 278 ret = (strcmp(str, SCF_STATE_STRING_DISABLED) == 0); 279 free(str); 280 } 281 return (ret); 282 } 283 284 /* 285 * smb_isautoenable() 286 * 287 * Determine if the SMF service instance auto_enabled set or not. A 288 * number of operations depend on this state. The property not being 289 * set or being set to true means autoenable. Only being set to false 290 * is not autoenabled. 291 */ 292 static boolean_t 293 smb_isautoenable(void) 294 { 295 boolean_t ret = B_TRUE; 296 scf_simple_prop_t *prop; 297 uint8_t *retstr; 298 299 prop = scf_simple_prop_get(NULL, SMBD_DEFAULT_INSTANCE_FMRI, 300 "application", "auto_enable"); 301 if (prop != NULL) { 302 retstr = scf_simple_prop_next_boolean(prop); 303 ret = *retstr != 0; 304 scf_simple_prop_free(prop); 305 } 306 return (ret); 307 } 308 309 /* 310 * smb_ismaint() 311 * 312 * Determine if the SMF service instance is in the disabled state or 313 * not. A number of operations depend on this state. 314 */ 315 static boolean_t 316 smb_ismaint(void) 317 { 318 char *str; 319 boolean_t ret = B_FALSE; 320 321 if ((str = smf_get_state(SMBD_DEFAULT_INSTANCE_FMRI)) != NULL) { 322 ret = (strcmp(str, SCF_STATE_STRING_MAINT) == 0); 323 free(str); 324 } 325 return (ret); 326 } 327 328 /* 329 * smb_enable_share tells the implementation that it is to enable the share. 330 * This entails converting the path and options into the appropriate ioctl 331 * calls. It is assumed that all error checking of paths, etc. were 332 * done earlier. 333 */ 334 static int 335 smb_enable_share(sa_share_t share) 336 { 337 char *path; 338 smb_share_t si; 339 sa_resource_t resource; 340 boolean_t iszfs; 341 boolean_t privileged; 342 int err = SA_OK; 343 priv_set_t *priv_effective; 344 boolean_t online; 345 346 /* 347 * We only start in the global zone and only run if we aren't 348 * running Trusted Extensions. 349 */ 350 if (getzoneid() != GLOBAL_ZONEID) { 351 (void) printf(dgettext(TEXT_DOMAIN, 352 "SMB: service not supported in local zone\n")); 353 return (SA_NOT_SUPPORTED); 354 } 355 if (is_system_labeled()) { 356 (void) printf(dgettext(TEXT_DOMAIN, 357 "SMB: service not supported with Trusted Extensions\n")); 358 return (SA_NOT_SUPPORTED); 359 } 360 361 priv_effective = priv_allocset(); 362 (void) getppriv(PRIV_EFFECTIVE, priv_effective); 363 privileged = (priv_isfullset(priv_effective) == B_TRUE); 364 priv_freeset(priv_effective); 365 366 /* get the path since it is important in several places */ 367 path = sa_get_share_attr(share, "path"); 368 if (path == NULL) 369 return (SA_NO_SUCH_PATH); 370 371 /* 372 * If administratively disabled, don't try to start anything. 373 */ 374 online = smb_isonline(); 375 if (!online && !smb_isautoenable() && smb_isdisabled()) 376 goto done; 377 378 iszfs = sa_path_is_zfs(path); 379 380 if (iszfs) { 381 382 if (privileged == B_FALSE && !online) { 383 384 if (!online) { 385 (void) printf(dgettext(TEXT_DOMAIN, 386 "SMB: Cannot share remove " 387 "file system: %s\n"), path); 388 (void) printf(dgettext(TEXT_DOMAIN, 389 "SMB: Service needs to be enabled " 390 "by a privileged user\n")); 391 err = SA_NO_PERMISSION; 392 errno = EPERM; 393 } 394 if (err) { 395 sa_free_attr_string(path); 396 return (err); 397 } 398 399 } 400 } 401 402 if (privileged == B_TRUE && !online) { 403 err = smb_enable_service(); 404 if (err != SA_OK) { 405 (void) printf(dgettext(TEXT_DOMAIN, 406 "SMB: Unable to enable service\n")); 407 /* 408 * For now, it is OK to not be able to enable 409 * the service. 410 */ 411 if (err == SA_BUSY || err == SA_SYSTEM_ERR) 412 err = SA_OK; 413 } else { 414 online = B_TRUE; 415 } 416 } 417 418 /* 419 * Don't bother trying to start shares if the service isn't 420 * running. 421 */ 422 if (!online) 423 goto done; 424 425 /* Each share can have multiple resources */ 426 for (resource = sa_get_share_resource(share, NULL); 427 resource != NULL; 428 resource = sa_get_next_resource(resource)) { 429 err = smb_build_shareinfo(share, resource, &si); 430 if (err != SA_OK) { 431 sa_free_attr_string(path); 432 return (err); 433 } 434 435 if (!iszfs) { 436 err = smb_share_create(&si); 437 } else { 438 share_t sh; 439 440 sa_sharetab_fill_zfs(share, &sh, "smb"); 441 err = sa_share_zfs(share, (char *)path, &sh, 442 &si, ZFS_SHARE_SMB); 443 444 sa_emptyshare(&sh); 445 } 446 } 447 if (!iszfs) 448 (void) sa_update_sharetab(share, "smb"); 449 done: 450 sa_free_attr_string(path); 451 452 return (err == NERR_DuplicateShare ? 0 : err); 453 } 454 455 /* 456 * This is the share for CIFS all shares have resource names. 457 * Enable tells the smb server to update its hash. If it fails 458 * because smb server is down, we just ignore as smb server loads 459 * the resources from sharemanager at startup. 460 */ 461 462 static int 463 smb_enable_resource(sa_resource_t resource) 464 { 465 sa_share_t share; 466 smb_share_t si; 467 int ret = SA_OK; 468 int err; 469 boolean_t isonline; 470 471 share = sa_get_resource_parent(resource); 472 if (share == NULL) 473 return (SA_NO_SUCH_PATH); 474 475 /* 476 * If administratively disabled, don't try to start anything. 477 */ 478 isonline = smb_isonline(); 479 if (!isonline && !smb_isautoenable() && smb_isdisabled()) 480 return (SA_OK); 481 482 if (!isonline) { 483 (void) smb_enable_service(); 484 485 if (!smb_isonline()) 486 return (SA_OK); 487 } 488 489 if ((ret = smb_build_shareinfo(share, resource, &si)) != SA_OK) 490 return (ret); 491 492 /* 493 * Attempt to add the share. Any error that occurs if it was 494 * online is an error but don't count NERR_DuplicateName if 495 * smb/server had to be brought online since bringing the 496 * service up will enable the share that was just added prior 497 * to the attempt to enable. 498 */ 499 err = smb_share_create(&si); 500 if (err == NERR_Success || !(!isonline && err == NERR_DuplicateName)) 501 (void) sa_update_sharetab(share, "smb"); 502 else 503 return (SA_NOT_SHARED); 504 505 return (SA_OK); 506 } 507 508 /* 509 * Remove it from smb server hash. 510 */ 511 static int 512 smb_disable_resource(sa_resource_t resource) 513 { 514 char *rname; 515 uint32_t res; 516 sa_share_t share; 517 518 rname = sa_get_resource_attr(resource, "name"); 519 if (rname == NULL) 520 return (SA_NO_SUCH_RESOURCE); 521 522 if (smb_isonline()) { 523 res = smb_share_delete(rname); 524 if (res != NERR_Success) { 525 sa_free_attr_string(rname); 526 return (SA_CONFIG_ERR); 527 } 528 } 529 530 sa_free_attr_string(rname); 531 532 share = sa_get_resource_parent(resource); 533 if (share != NULL) { 534 rname = sa_get_share_attr(share, "path"); 535 if (rname != NULL) { 536 sa_handle_t handle; 537 538 handle = sa_find_group_handle((sa_group_t)resource); 539 (void) sa_delete_sharetab(handle, rname, "smb"); 540 sa_free_attr_string(rname); 541 } 542 } 543 /* 544 * Always return OK as smb/server may be down and 545 * Shares will be picked up when loaded. 546 */ 547 return (SA_OK); 548 } 549 550 /* 551 * smb_share_changed(sa_share_t share) 552 * 553 * The specified share has changed. 554 */ 555 static int 556 smb_share_changed(sa_share_t share) 557 { 558 char *path; 559 sa_resource_t resource; 560 561 if (!smb_isonline()) 562 return (SA_OK); 563 564 /* get the path since it is important in several places */ 565 path = sa_get_share_attr(share, "path"); 566 if (path == NULL) 567 return (SA_NO_SUCH_PATH); 568 569 for (resource = sa_get_share_resource(share, NULL); 570 resource != NULL; 571 resource = sa_get_next_resource(resource)) 572 (void) smb_resource_changed(resource); 573 574 sa_free_attr_string(path); 575 576 return (SA_OK); 577 } 578 579 /* 580 * smb_resource_changed(sa_resource_t resource) 581 * 582 * The specified resource has changed. 583 */ 584 static int 585 smb_resource_changed(sa_resource_t resource) 586 { 587 uint32_t res; 588 sa_share_t share; 589 smb_share_t si; 590 591 if (!smb_isonline()) 592 return (SA_OK); 593 594 if ((share = sa_get_resource_parent(resource)) == NULL) 595 return (SA_CONFIG_ERR); 596 597 if ((res = smb_build_shareinfo(share, resource, &si)) != SA_OK) 598 return (res); 599 600 res = smb_share_modify(&si); 601 602 if (res != NERR_Success) 603 return (SA_CONFIG_ERR); 604 605 return (smb_enable_service()); 606 } 607 608 /* 609 * smb_disable_share(sa_share_t share, char *path) 610 * 611 * Unshare the specified share. Note that "path" is the same 612 * path as what is in the "share" object. It is passed in to avoid an 613 * additional lookup. A missing "path" value makes this a no-op 614 * function. 615 */ 616 static int 617 smb_disable_share(sa_share_t share, char *path) 618 { 619 char *rname; 620 sa_resource_t resource; 621 sa_group_t parent; 622 boolean_t iszfs; 623 int err = SA_OK; 624 sa_handle_t handle; 625 boolean_t first = B_TRUE; /* work around sharetab issue */ 626 627 if (path == NULL) 628 return (err); 629 630 /* 631 * If the share is in a ZFS group we need to handle it 632 * differently. Just being on a ZFS file system isn't 633 * enough since we may be in a legacy share case. 634 */ 635 parent = sa_get_parent_group(share); 636 iszfs = sa_group_is_zfs(parent); 637 638 if (!smb_isonline()) 639 goto done; 640 641 for (resource = sa_get_share_resource(share, NULL); 642 resource != NULL || err != SA_OK; 643 resource = sa_get_next_resource(resource)) { 644 rname = sa_get_resource_attr(resource, "name"); 645 if (rname == NULL) { 646 continue; 647 } 648 if (!iszfs) { 649 err = smb_share_delete(rname); 650 switch (err) { 651 case NERR_NetNameNotFound: 652 case NERR_Success: 653 err = SA_OK; 654 break; 655 default: 656 err = SA_CONFIG_ERR; 657 break; 658 } 659 } else { 660 share_t sh; 661 662 sa_sharetab_fill_zfs(share, &sh, "smb"); 663 err = sa_share_zfs(share, (char *)path, &sh, 664 rname, ZFS_UNSHARE_SMB); 665 /* 666 * If we are no longer the first case, we 667 * don't care about the sa_share_zfs err if it 668 * is -1. This works around a problem in 669 * sharefs and should be removed when sharefs 670 * supports multiple entries per path. 671 */ 672 if (!first && err == -1) 673 err = SA_OK; 674 first = B_FALSE; 675 676 sa_emptyshare(&sh); 677 } 678 sa_free_attr_string(rname); 679 } 680 done: 681 if (!iszfs) { 682 handle = sa_find_group_handle((sa_group_t)share); 683 if (handle != NULL) 684 (void) sa_delete_sharetab(handle, path, "smb"); 685 else 686 err = SA_SYSTEM_ERR; 687 } 688 return (err); 689 } 690 691 /* 692 * smb_validate_property(handle, property, parent) 693 * 694 * Check that the property has a legitimate value for its type. 695 * Handle isn't currently used but may need to be in the future. 696 */ 697 698 /*ARGSUSED*/ 699 static int 700 smb_validate_property(sa_handle_t handle, sa_property_t property, 701 sa_optionset_t parent) 702 { 703 int ret = SA_OK; 704 char *propname; 705 int optindex; 706 sa_group_t parent_group; 707 char *value; 708 char *other; 709 710 propname = sa_get_property_attr(property, "type"); 711 712 if ((optindex = findopt(propname)) < 0) 713 ret = SA_NO_SUCH_PROP; 714 715 /* need to validate value range here as well */ 716 if (ret == SA_OK) { 717 parent_group = sa_get_parent_group((sa_share_t)parent); 718 if (optdefs[optindex].share && !sa_is_share(parent_group)) 719 ret = SA_PROP_SHARE_ONLY; 720 } 721 if (ret != SA_OK) { 722 if (propname != NULL) 723 sa_free_attr_string(propname); 724 return (ret); 725 } 726 727 value = sa_get_property_attr(property, "value"); 728 if (value != NULL) { 729 /* first basic type checking */ 730 switch (optdefs[optindex].type) { 731 case OPT_TYPE_NUMBER: 732 /* check that the value is all digits */ 733 if (!is_a_number(value)) 734 ret = SA_BAD_VALUE; 735 break; 736 case OPT_TYPE_BOOLEAN: 737 if (strlen(value) == 0 || 738 strcasecmp(value, "true") == 0 || 739 strcmp(value, "1") == 0 || 740 strcasecmp(value, "false") == 0 || 741 strcmp(value, "0") == 0) { 742 ret = SA_OK; 743 } else { 744 ret = SA_BAD_VALUE; 745 } 746 break; 747 case OPT_TYPE_NAME: 748 /* 749 * Make sure no invalid characters 750 */ 751 if (validresource(value) == B_FALSE) 752 ret = SA_BAD_VALUE; 753 break; 754 case OPT_TYPE_STRING: 755 /* whatever is here should be ok */ 756 break; 757 case OPT_TYPE_ACCLIST: { 758 sa_property_t oprop; 759 char *ovalue; 760 /* 761 * access list handling. Should eventually 762 * validate that all the values make sense. 763 * Also, ro and rw may have cross value 764 * conflicts. 765 */ 766 if (parent == NULL) 767 break; 768 if (strcmp(propname, SHOPT_RO) == 0) 769 other = SHOPT_RW; 770 else if (strcmp(propname, SHOPT_RW) == 0) 771 other = SHOPT_RO; 772 else 773 other = NULL; 774 if (other == NULL) 775 break; 776 777 /* compare rw(ro) with ro(rw) */ 778 oprop = sa_get_property(parent, other); 779 if (oprop == NULL) 780 break; 781 /* 782 * only potential 783 * confusion if other 784 * exists 785 */ 786 ovalue = sa_get_property_attr(oprop, "value"); 787 if (ovalue != NULL) { 788 ret = check_rorw(value, ovalue); 789 sa_free_attr_string(ovalue); 790 } 791 break; 792 } 793 default: 794 break; 795 } 796 } 797 798 if (value != NULL) 799 sa_free_attr_string(value); 800 if (ret == SA_OK && optdefs[optindex].check != NULL) 801 /* do the property specific check */ 802 ret = optdefs[optindex].check(property); 803 804 if (propname != NULL) 805 sa_free_attr_string(propname); 806 return (ret); 807 } 808 809 /* 810 * Protocol management functions 811 * 812 * properties defined in the default files are defined in 813 * proto_option_defs for parsing and validation. 814 */ 815 816 struct smb_proto_option_defs { 817 int smb_index; 818 int32_t minval; 819 int32_t maxval; /* In case of length of string this should be max */ 820 int (*validator)(int, char *); 821 int32_t refresh; 822 } smb_proto_options[] = { 823 { SMB_CI_SYS_CMNT, 0, MAX_VALUE_BUFLEN, 824 string_length_check_validator, SMB_REFRESH_REFRESH }, 825 { SMB_CI_MAX_WORKERS, 64, 1024, range_check_validator, 826 SMB_REFRESH_REFRESH }, 827 { SMB_CI_NBSCOPE, 0, MAX_VALUE_BUFLEN, 828 string_length_check_validator, 0 }, 829 { SMB_CI_LM_LEVEL, 2, 5, range_check_validator, 0 }, 830 { SMB_CI_KEEPALIVE, 20, 5400, range_check_validator_zero_ok, 831 SMB_REFRESH_REFRESH }, 832 { SMB_CI_WINS_SRV1, 0, MAX_VALUE_BUFLEN, 833 ip_address_validator_empty_ok, SMB_REFRESH_REFRESH }, 834 { SMB_CI_WINS_SRV2, 0, MAX_VALUE_BUFLEN, 835 ip_address_validator_empty_ok, SMB_REFRESH_REFRESH }, 836 { SMB_CI_WINS_EXCL, 0, MAX_VALUE_BUFLEN, 837 ip_address_csv_list_validator_empty_ok, SMB_REFRESH_REFRESH }, 838 { SMB_CI_SIGNING_ENABLE, 0, 0, true_false_validator, 839 SMB_REFRESH_REFRESH }, 840 { SMB_CI_SIGNING_REQD, 0, 0, true_false_validator, 841 SMB_REFRESH_REFRESH }, 842 { SMB_CI_RESTRICT_ANON, 0, 0, true_false_validator, 843 SMB_REFRESH_REFRESH }, 844 { SMB_CI_DOMAIN_SRV, 0, MAX_VALUE_BUFLEN, 845 ip_address_validator_empty_ok, 0 }, 846 { SMB_CI_ADS_SITE, 0, MAX_VALUE_BUFLEN, 847 string_length_check_validator, SMB_REFRESH_REFRESH }, 848 { SMB_CI_DYNDNS_ENABLE, 0, 0, true_false_validator, 0 }, 849 { SMB_CI_AUTOHOME_MAP, 0, MAX_VALUE_BUFLEN, path_validator, 0 }, 850 }; 851 852 #define SMB_OPT_NUM \ 853 (sizeof (smb_proto_options) / sizeof (smb_proto_options[0])) 854 855 /* 856 * Check the range of value as int range. 857 */ 858 static int 859 range_check_validator(int index, char *value) 860 { 861 int ret = SA_OK; 862 863 if (!is_a_number(value)) { 864 ret = SA_BAD_VALUE; 865 } else { 866 int val; 867 val = strtoul(value, NULL, 0); 868 if (val < smb_proto_options[index].minval || 869 val > smb_proto_options[index].maxval) 870 ret = SA_BAD_VALUE; 871 } 872 return (ret); 873 } 874 875 /* 876 * Check the range of value as int range. 877 */ 878 static int 879 range_check_validator_zero_ok(int index, char *value) 880 { 881 int ret = SA_OK; 882 883 if (!is_a_number(value)) { 884 ret = SA_BAD_VALUE; 885 } else { 886 int val; 887 val = strtoul(value, NULL, 0); 888 if (val == 0) 889 ret = SA_OK; 890 else { 891 if (val < smb_proto_options[index].minval || 892 val > smb_proto_options[index].maxval) 893 ret = SA_BAD_VALUE; 894 } 895 } 896 return (ret); 897 } 898 899 /* 900 * Check the length of the string 901 */ 902 static int 903 string_length_check_validator(int index, char *value) 904 { 905 int ret = SA_OK; 906 907 if (value == NULL) 908 return (SA_BAD_VALUE); 909 if (strlen(value) > smb_proto_options[index].maxval) 910 ret = SA_BAD_VALUE; 911 return (ret); 912 } 913 914 /* 915 * Check yes/no 916 */ 917 /*ARGSUSED*/ 918 static int 919 true_false_validator(int index, char *value) 920 { 921 if (value == NULL) 922 return (SA_BAD_VALUE); 923 if ((strcasecmp(value, "true") == 0) || 924 (strcasecmp(value, "false") == 0)) 925 return (SA_OK); 926 return (SA_BAD_VALUE); 927 } 928 929 /* 930 * Check IP address. 931 */ 932 /*ARGSUSED*/ 933 static int 934 ip_address_validator_empty_ok(int index, char *value) 935 { 936 char sbytes[16]; 937 int len; 938 939 if (value == NULL) 940 return (SA_OK); 941 len = strlen(value); 942 if (len == 0) 943 return (SA_OK); 944 if (inet_pton(AF_INET, value, (void *)sbytes) != 1) 945 return (SA_BAD_VALUE); 946 947 return (SA_OK); 948 } 949 950 /* 951 * Check IP address list 952 */ 953 /*ARGSUSED*/ 954 static int 955 ip_address_csv_list_validator_empty_ok(int index, char *value) 956 { 957 char sbytes[16]; 958 char *ip, *tmp, *ctx; 959 960 if (value == NULL || *value == '\0') 961 return (SA_OK); 962 963 if (strlen(value) > MAX_VALUE_BUFLEN) 964 return (SA_BAD_VALUE); 965 966 if ((tmp = strdup(value)) == NULL) 967 return (SA_NO_MEMORY); 968 969 ip = strtok_r(tmp, ",", &ctx); 970 while (ip) { 971 if (strlen(ip) == 0) { 972 free(tmp); 973 return (SA_BAD_VALUE); 974 } 975 if (*ip != 0) { 976 if (inet_pton(AF_INET, ip, 977 (void *)sbytes) != 1) { 978 free(tmp); 979 return (SA_BAD_VALUE); 980 } 981 } 982 ip = strtok_r(0, ",", &ctx); 983 } 984 985 free(tmp); 986 return (SA_OK); 987 } 988 989 /* 990 * Check path 991 */ 992 /*ARGSUSED*/ 993 static int 994 path_validator(int index, char *path) 995 { 996 struct stat buffer; 997 int fd, status; 998 999 if (path == NULL) 1000 return (SA_BAD_VALUE); 1001 1002 fd = open(path, O_RDONLY); 1003 if (fd < 0) 1004 return (SA_BAD_VALUE); 1005 1006 status = fstat(fd, &buffer); 1007 (void) close(fd); 1008 1009 if (status < 0) 1010 return (SA_BAD_VALUE); 1011 1012 if (buffer.st_mode & S_IFDIR) 1013 return (SA_OK); 1014 return (SA_BAD_VALUE); 1015 } 1016 1017 /* 1018 * the protoset holds the defined options so we don't have to read 1019 * them multiple times 1020 */ 1021 static sa_protocol_properties_t protoset; 1022 1023 static int 1024 findprotoopt(char *name) 1025 { 1026 int i; 1027 char *sc_name; 1028 1029 for (i = 0; i < SMB_OPT_NUM; i++) { 1030 sc_name = smb_config_getname(smb_proto_options[i].smb_index); 1031 if (strcasecmp(sc_name, name) == 0) 1032 return (i); 1033 } 1034 1035 return (-1); 1036 } 1037 1038 /* 1039 * smb_load_proto_properties() 1040 * 1041 * read the smb config values from SMF. 1042 */ 1043 1044 static int 1045 smb_load_proto_properties() 1046 { 1047 sa_property_t prop; 1048 char value[MAX_VALUE_BUFLEN]; 1049 char *name; 1050 int index; 1051 int ret = SA_OK; 1052 int rc; 1053 1054 protoset = sa_create_protocol_properties(SMB_PROTOCOL_NAME); 1055 if (protoset == NULL) 1056 return (SA_NO_MEMORY); 1057 1058 for (index = 0; index < SMB_OPT_NUM && ret == SA_OK; index++) { 1059 rc = smb_config_get(smb_proto_options[index].smb_index, 1060 value, sizeof (value)); 1061 if (rc != SMBD_SMF_OK) 1062 continue; 1063 name = smb_config_getname(smb_proto_options[index].smb_index); 1064 prop = sa_create_property(name, value); 1065 if (prop != NULL) 1066 ret = sa_add_protocol_property(protoset, prop); 1067 else 1068 ret = SA_NO_MEMORY; 1069 } 1070 return (ret); 1071 } 1072 1073 /* 1074 * smb_share_init() 1075 * 1076 * Initialize the smb plugin. 1077 */ 1078 1079 static int 1080 smb_share_init(void) 1081 { 1082 if (sa_plugin_ops.sa_init != smb_share_init) 1083 return (SA_SYSTEM_ERR); 1084 1085 smb_share_door_clnt_init(); 1086 return (smb_load_proto_properties()); 1087 } 1088 1089 /* 1090 * smb_share_fini() 1091 * 1092 */ 1093 static void 1094 smb_share_fini(void) 1095 { 1096 xmlFreeNode(protoset); 1097 protoset = NULL; 1098 1099 smb_share_door_clnt_fini(); 1100 } 1101 1102 /* 1103 * smb_get_proto_set() 1104 * 1105 * Return an optionset with all the protocol specific properties in 1106 * it. 1107 */ 1108 static sa_protocol_properties_t 1109 smb_get_proto_set(void) 1110 { 1111 return (protoset); 1112 } 1113 1114 /* 1115 * smb_enable_dependencies() 1116 * 1117 * SMBD_DEFAULT_INSTANCE_FMRI may have some dependencies that aren't 1118 * enabled. This will attempt to enable all of them. 1119 */ 1120 static void 1121 smb_enable_dependencies(const char *fmri) 1122 { 1123 scf_handle_t *handle; 1124 scf_service_t *service; 1125 scf_instance_t *inst = NULL; 1126 scf_iter_t *iter; 1127 scf_property_t *prop; 1128 scf_value_t *value; 1129 scf_propertygroup_t *pg; 1130 scf_scope_t *scope; 1131 char type[SCFTYPE_LEN]; 1132 char *dependency; 1133 char *servname; 1134 int maxlen; 1135 1136 /* 1137 * Get all required handles and storage. 1138 */ 1139 handle = scf_handle_create(SCF_VERSION); 1140 if (handle == NULL) 1141 return; 1142 1143 if (scf_handle_bind(handle) != 0) { 1144 scf_handle_destroy(handle); 1145 return; 1146 } 1147 1148 maxlen = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); 1149 if (maxlen == (ssize_t)-1) 1150 maxlen = MAXPATHLEN; 1151 1152 dependency = malloc(maxlen); 1153 1154 service = scf_service_create(handle); 1155 1156 iter = scf_iter_create(handle); 1157 1158 pg = scf_pg_create(handle); 1159 1160 prop = scf_property_create(handle); 1161 1162 value = scf_value_create(handle); 1163 1164 scope = scf_scope_create(handle); 1165 1166 if (service == NULL || iter == NULL || pg == NULL || prop == NULL || 1167 value == NULL || scope == NULL || dependency == NULL) 1168 goto done; 1169 1170 /* 1171 * We passed in the FMRI for the default instance but for 1172 * some things we need the simple form so construct it. Since 1173 * we reuse the storage that dependency points to, we need to 1174 * use the servname early. 1175 */ 1176 (void) snprintf(dependency, maxlen, "%s", fmri + sizeof ("svc:")); 1177 servname = strrchr(dependency, ':'); 1178 if (servname == NULL) 1179 goto done; 1180 *servname = '\0'; 1181 servname = dependency; 1182 1183 /* 1184 * Setup to iterate over the service property groups, only 1185 * looking at those that are "dependency" types. The "entity" 1186 * property will have the FMRI of the service we are dependent 1187 * on. 1188 */ 1189 if (scf_handle_get_scope(handle, SCF_SCOPE_LOCAL, scope) != 0) 1190 goto done; 1191 1192 if (scf_scope_get_service(scope, servname, service) != 0) 1193 goto done; 1194 1195 if (scf_iter_service_pgs(iter, service) != 0) 1196 goto done; 1197 1198 while (scf_iter_next_pg(iter, pg) > 0) { 1199 char *services[2]; 1200 /* 1201 * Have a property group for the service. See if it is 1202 * a dependency pg and only do operations on those. 1203 */ 1204 if (scf_pg_get_type(pg, type, SCFTYPE_LEN) <= 0) 1205 continue; 1206 1207 if (strncmp(type, SCF_GROUP_DEPENDENCY, SCFTYPE_LEN) != 0) 1208 continue; 1209 /* 1210 * Have a dependency. Attempt to enable it. 1211 */ 1212 if (scf_pg_get_property(pg, SCF_PROPERTY_ENTITIES, prop) != 0) 1213 continue; 1214 1215 if (scf_property_get_value(prop, value) != 0) 1216 continue; 1217 1218 services[1] = NULL; 1219 1220 if (scf_value_get_as_string(value, dependency, maxlen) > 0) { 1221 services[0] = dependency; 1222 _check_services(services); 1223 } 1224 } 1225 1226 done: 1227 if (dependency != NULL) 1228 free(dependency); 1229 if (value != NULL) 1230 scf_value_destroy(value); 1231 if (prop != NULL) 1232 scf_property_destroy(prop); 1233 if (pg != NULL) 1234 scf_pg_destroy(pg); 1235 if (iter != NULL) 1236 scf_iter_destroy(iter); 1237 if (scope != NULL) 1238 scf_scope_destroy(scope); 1239 if (inst != NULL) 1240 scf_instance_destroy(inst); 1241 if (service != NULL) 1242 scf_service_destroy(service); 1243 1244 (void) scf_handle_unbind(handle); 1245 scf_handle_destroy(handle); 1246 } 1247 1248 /* 1249 * How long to wait for service to come online 1250 */ 1251 #define WAIT_FOR_SERVICE 15 1252 1253 /* 1254 * smb_enable_service() 1255 * 1256 */ 1257 static int 1258 smb_enable_service(void) 1259 { 1260 int i; 1261 int ret = SA_OK; 1262 char *service[] = { SMBD_DEFAULT_INSTANCE_FMRI, NULL }; 1263 1264 if (!smb_isonline()) { 1265 /* 1266 * Attempt to start the idmap, and other dependent 1267 * services, first. If it fails, the SMB service will 1268 * ultimately fail so we use that as the error. If we 1269 * don't try to enable idmap, smb won't start the 1270 * first time unless the admin has done it 1271 * manually. The service could be administratively 1272 * disabled so we won't always get started. 1273 */ 1274 smb_enable_dependencies(SMBD_DEFAULT_INSTANCE_FMRI); 1275 _check_services(service); 1276 1277 /* Wait for service to come online */ 1278 for (i = 0; i < WAIT_FOR_SERVICE; i++) { 1279 if (smb_isonline()) { 1280 ret = SA_OK; 1281 break; 1282 } else if (smb_ismaint()) { 1283 /* maintenance requires help */ 1284 ret = SA_SYSTEM_ERR; 1285 break; 1286 } else if (smb_isdisabled()) { 1287 /* disabled is ok */ 1288 ret = SA_OK; 1289 break; 1290 } else { 1291 /* try another time */ 1292 ret = SA_BUSY; 1293 (void) sleep(1); 1294 } 1295 } 1296 } 1297 return (ret); 1298 } 1299 1300 /* 1301 * smb_validate_proto_prop(index, name, value) 1302 * 1303 * Verify that the property specified by name can take the new 1304 * value. This is a sanity check to prevent bad values getting into 1305 * the default files. 1306 */ 1307 static int 1308 smb_validate_proto_prop(int index, char *name, char *value) 1309 { 1310 if ((name == NULL) || (index < 0)) 1311 return (SA_BAD_VALUE); 1312 1313 if (smb_proto_options[index].validator == NULL) 1314 return (SA_OK); 1315 1316 if (smb_proto_options[index].validator(index, value) == SA_OK) 1317 return (SA_OK); 1318 return (SA_BAD_VALUE); 1319 } 1320 1321 /* 1322 * smb_set_proto_prop(prop) 1323 * 1324 * check that prop is valid. 1325 */ 1326 /*ARGSUSED*/ 1327 static int 1328 smb_set_proto_prop(sa_property_t prop) 1329 { 1330 int ret = SA_OK; 1331 char *name; 1332 char *value; 1333 int index = -1; 1334 struct smb_proto_option_defs *opt; 1335 1336 name = sa_get_property_attr(prop, "type"); 1337 value = sa_get_property_attr(prop, "value"); 1338 if (name != NULL && value != NULL) { 1339 index = findprotoopt(name); 1340 if (index >= 0) { 1341 /* should test for valid value */ 1342 ret = smb_validate_proto_prop(index, name, value); 1343 if (ret == SA_OK) { 1344 opt = &smb_proto_options[index]; 1345 1346 /* Save to SMF */ 1347 (void) smb_config_set(opt->smb_index, value); 1348 /* 1349 * Specialized refresh mechanisms can 1350 * be flagged in the proto_options and 1351 * processed here. 1352 */ 1353 if (opt->refresh & SMB_REFRESH_REFRESH) 1354 (void) smf_refresh_instance( 1355 SMBD_DEFAULT_INSTANCE_FMRI); 1356 else if (opt->refresh & SMB_REFRESH_RESTART) 1357 (void) smf_restart_instance( 1358 SMBD_DEFAULT_INSTANCE_FMRI); 1359 } 1360 } 1361 } 1362 1363 if (name != NULL) 1364 sa_free_attr_string(name); 1365 if (value != NULL) 1366 sa_free_attr_string(value); 1367 1368 return (ret); 1369 } 1370 1371 /* 1372 * smb_get_status() 1373 * 1374 * What is the current status of the smbd? We use the SMF state here. 1375 * Caller must free the returned value. 1376 */ 1377 1378 static char * 1379 smb_get_status(void) 1380 { 1381 char *state = NULL; 1382 state = smf_get_state(SMBD_DEFAULT_INSTANCE_FMRI); 1383 return (state != NULL ? state : "-"); 1384 } 1385 1386 /* 1387 * This protocol plugin require resource names 1388 */ 1389 static uint64_t 1390 smb_share_features(void) 1391 { 1392 return (SA_FEATURE_RESOURCE | SA_FEATURE_ALLOWSUBDIRS | 1393 SA_FEATURE_ALLOWPARDIRS | SA_FEATURE_SERVER); 1394 } 1395 1396 /* 1397 * This should be used to convert smb_share_t to sa_resource_t 1398 * Should only be needed to build transient shares/resources to be 1399 * supplied to sharemgr to display. 1400 */ 1401 static int 1402 smb_add_transient(sa_handle_t handle, smb_share_t *si) 1403 { 1404 int err; 1405 sa_share_t share; 1406 sa_group_t group; 1407 sa_resource_t resource; 1408 1409 if (si == NULL) 1410 return (SA_INVALID_NAME); 1411 1412 if ((share = sa_find_share(handle, si->shr_path)) == NULL) { 1413 if ((group = smb_get_defaultgrp(handle)) == NULL) 1414 return (SA_NO_SUCH_GROUP); 1415 1416 share = sa_get_share(group, si->shr_path); 1417 if (share == NULL) { 1418 share = sa_add_share(group, si->shr_path, 1419 SA_SHARE_TRANSIENT, &err); 1420 if (share == NULL) 1421 return (SA_NO_SUCH_PATH); 1422 } 1423 } 1424 1425 /* 1426 * Now handle the resource. Make sure that the resource is 1427 * transient and added to the share. 1428 */ 1429 resource = sa_get_share_resource(share, si->shr_name); 1430 if (resource == NULL) { 1431 resource = sa_add_resource(share, 1432 si->shr_name, SA_SHARE_TRANSIENT, &err); 1433 if (resource == NULL) 1434 return (SA_NO_SUCH_RESOURCE); 1435 } 1436 1437 /* set resource attributes now */ 1438 (void) sa_set_resource_attr(resource, "description", si->shr_cmnt); 1439 (void) sa_set_resource_attr(resource, SMB_SHROPT_AD_CONTAINER, 1440 si->shr_container); 1441 1442 return (SA_OK); 1443 } 1444 1445 /* 1446 * Return smb transient shares. 1447 */ 1448 static int 1449 smb_list_transient(sa_handle_t handle) 1450 { 1451 int i, offset; 1452 smb_shrlist_t list; 1453 int res; 1454 1455 if (smb_share_count() <= 0) 1456 return (SA_OK); 1457 1458 offset = 0; 1459 while (smb_share_list(offset, &list) == NERR_Success) { 1460 if (list.sl_cnt == 0) 1461 break; 1462 1463 for (i = 0; i < list.sl_cnt; i++) { 1464 res = smb_add_transient(handle, &(list.sl_shares[i])); 1465 if (res != SA_OK) 1466 return (res); 1467 } 1468 offset += list.sl_cnt; 1469 } 1470 1471 return (SA_OK); 1472 } 1473 1474 /* 1475 * fix_resource_name(share, name, prefix) 1476 * 1477 * Construct a name where the ZFS dataset has the prefix replaced with "name". 1478 */ 1479 static char * 1480 fix_resource_name(sa_share_t share, char *name, char *prefix) 1481 { 1482 char *dataset = NULL; 1483 char *newname = NULL; 1484 size_t psize; 1485 size_t nsize; 1486 1487 dataset = sa_get_share_attr(share, "dataset"); 1488 1489 if (dataset != NULL && strcmp(dataset, prefix) != 0) { 1490 psize = strlen(prefix); 1491 if (strncmp(dataset, prefix, psize) == 0) { 1492 /* need string plus ',' and NULL */ 1493 nsize = (strlen(dataset) - psize) + strlen(name) + 2; 1494 newname = calloc(nsize, 1); 1495 if (newname != NULL) { 1496 (void) snprintf(newname, nsize, "%s%s", name, 1497 dataset + psize); 1498 sa_fix_resource_name(newname); 1499 } 1500 sa_free_attr_string(dataset); 1501 return (newname); 1502 } 1503 } 1504 if (dataset != NULL) 1505 sa_free_attr_string(dataset); 1506 return (strdup(name)); 1507 } 1508 1509 /* 1510 * smb_parse_optstring(group, options) 1511 * 1512 * parse a compact option string into individual options. This allows 1513 * ZFS sharesmb and sharemgr "share" command to work. group can be a 1514 * group, a share or a resource. 1515 */ 1516 static int 1517 smb_parse_optstring(sa_group_t group, char *options) 1518 { 1519 char *dup; 1520 char *base; 1521 char *lasts; 1522 char *token; 1523 sa_optionset_t optionset; 1524 sa_group_t parent = NULL; 1525 sa_resource_t resource = NULL; 1526 int iszfs = 0; 1527 int persist = 0; 1528 int need_optionset = 0; 1529 int ret = SA_OK; 1530 sa_property_t prop; 1531 1532 /* 1533 * In order to not attempt to change ZFS properties unless 1534 * absolutely necessary, we never do it in the legacy parsing 1535 * so we need to keep track of this. 1536 */ 1537 if (sa_is_share(group)) { 1538 char *zfs; 1539 1540 parent = sa_get_parent_group(group); 1541 if (parent != NULL) { 1542 zfs = sa_get_group_attr(parent, "zfs"); 1543 if (zfs != NULL) { 1544 sa_free_attr_string(zfs); 1545 iszfs = 1; 1546 } 1547 } 1548 } else { 1549 iszfs = sa_group_is_zfs(group); 1550 /* 1551 * If a ZFS group, then we need to see if a resource 1552 * name is being set. If so, bail with 1553 * SA_PROP_SHARE_ONLY, so we come back in with a share 1554 * instead of a group. 1555 */ 1556 if (strncmp(options, "name=", sizeof ("name=") - 1) == 0 || 1557 strstr(options, ",name=") != NULL) { 1558 return (SA_PROP_SHARE_ONLY); 1559 } 1560 } 1561 1562 /* do we have an existing optionset? */ 1563 optionset = sa_get_optionset(group, "smb"); 1564 if (optionset == NULL) { 1565 /* didn't find existing optionset so create one */ 1566 optionset = sa_create_optionset(group, "smb"); 1567 if (optionset == NULL) 1568 return (SA_NO_MEMORY); 1569 } else { 1570 /* 1571 * If an optionset already exists, we've come through 1572 * twice so ignore the second time. 1573 */ 1574 return (ret); 1575 } 1576 1577 /* We need a copy of options for the next part. */ 1578 dup = strdup(options); 1579 if (dup == NULL) 1580 return (SA_NO_MEMORY); 1581 1582 /* 1583 * SMB properties are straightforward and are strings, 1584 * integers or booleans. Properties are separated by 1585 * commas. It will be necessary to parse quotes due to some 1586 * strings not having a restricted characters set. 1587 * 1588 * Note that names will create a resource. For now, if there 1589 * is a set of properties "before" the first name="", those 1590 * properties will be placed on the group. 1591 */ 1592 persist = sa_is_persistent(group); 1593 base = dup; 1594 token = dup; 1595 lasts = NULL; 1596 while (token != NULL && ret == SA_OK) { 1597 ret = SA_OK; 1598 token = strtok_r(base, ",", &lasts); 1599 base = NULL; 1600 if (token != NULL) { 1601 char *value; 1602 /* 1603 * All SMB properties have values so there 1604 * MUST be an '=' character. If it doesn't, 1605 * it is a syntax error. 1606 */ 1607 value = strchr(token, '='); 1608 if (value != NULL) { 1609 *value++ = '\0'; 1610 } else { 1611 ret = SA_SYNTAX_ERR; 1612 break; 1613 } 1614 /* 1615 * We may need to handle a "name" property 1616 * that is a ZFS imposed resource name. Each 1617 * name would trigger getting a new "resource" 1618 * to put properties on. For now, assume no 1619 * "name" property for special handling. 1620 */ 1621 1622 if (strcmp(token, "name") == 0) { 1623 char *prefix; 1624 char *name = NULL; 1625 /* 1626 * We have a name, so now work on the 1627 * resource level. We have a "share" 1628 * in "group" due to the caller having 1629 * added it. If we are called with a 1630 * group, the check for group/share 1631 * at the beginning of this function 1632 * will bail out the parse if there is a 1633 * "name" but no share. 1634 */ 1635 if (!iszfs) { 1636 ret = SA_SYNTAX_ERR; 1637 break; 1638 } 1639 /* 1640 * Make sure the parent group has the 1641 * "prefix" property since we will 1642 * need to use this for constructing 1643 * inherited name= values. 1644 */ 1645 prefix = sa_get_group_attr(parent, "prefix"); 1646 if (prefix == NULL) { 1647 prefix = sa_get_group_attr(parent, 1648 "name"); 1649 if (prefix != NULL) { 1650 (void) sa_set_group_attr(parent, 1651 "prefix", prefix); 1652 } 1653 } 1654 name = fix_resource_name((sa_share_t)group, 1655 value, prefix); 1656 if (name != NULL) { 1657 resource = sa_add_resource( 1658 (sa_share_t)group, name, 1659 SA_SHARE_TRANSIENT, &ret); 1660 sa_free_attr_string(name); 1661 } else { 1662 ret = SA_NO_MEMORY; 1663 } 1664 if (prefix != NULL) 1665 sa_free_attr_string(prefix); 1666 1667 /* A resource level optionset is needed */ 1668 1669 need_optionset = 1; 1670 if (resource == NULL) { 1671 ret = SA_NO_MEMORY; 1672 break; 1673 } 1674 continue; 1675 } 1676 1677 if (need_optionset) { 1678 optionset = sa_create_optionset(resource, 1679 "smb"); 1680 need_optionset = 0; 1681 } 1682 1683 prop = sa_create_property(token, value); 1684 if (prop == NULL) 1685 ret = SA_NO_MEMORY; 1686 else 1687 ret = sa_add_property(optionset, prop); 1688 if (ret != SA_OK) 1689 break; 1690 if (!iszfs) 1691 ret = sa_commit_properties(optionset, !persist); 1692 } 1693 } 1694 free(dup); 1695 return (ret); 1696 } 1697 1698 /* 1699 * smb_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1700 * 1701 * provides a mechanism to format SMB properties into legacy output 1702 * format. If the buffer would overflow, it is reallocated and grown 1703 * as appropriate. Special cases of converting internal form of values 1704 * to those used by "share" are done. this function does one property 1705 * at a time. 1706 */ 1707 1708 static void 1709 smb_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1710 sa_property_t prop, int sep) 1711 { 1712 char *name; 1713 char *value; 1714 int curlen; 1715 char *buff = *rbuff; 1716 size_t buffsize = *rbuffsize; 1717 1718 name = sa_get_property_attr(prop, "type"); 1719 value = sa_get_property_attr(prop, "value"); 1720 if (buff != NULL) 1721 curlen = strlen(buff); 1722 else 1723 curlen = 0; 1724 if (name != NULL) { 1725 int len; 1726 len = strlen(name) + sep; 1727 1728 /* 1729 * A future RFE would be to replace this with more 1730 * generic code and to possibly handle more types. 1731 * 1732 * For now, everything else is treated as a string. If 1733 * we get any properties that aren't exactly 1734 * name/value pairs, we may need to 1735 * interpret/transform. 1736 */ 1737 if (value != NULL) 1738 len += 1 + strlen(value); 1739 1740 while (buffsize <= (curlen + len)) { 1741 /* need more room */ 1742 buffsize += incr; 1743 buff = realloc(buff, buffsize); 1744 *rbuff = buff; 1745 *rbuffsize = buffsize; 1746 if (buff == NULL) { 1747 /* realloc failed so free everything */ 1748 if (*rbuff != NULL) 1749 free(*rbuff); 1750 goto err; 1751 } 1752 } 1753 if (buff == NULL) 1754 goto err; 1755 (void) snprintf(buff + curlen, buffsize - curlen, 1756 "%s%s=%s", sep ? "," : "", 1757 name, value != NULL ? value : "\"\""); 1758 1759 } 1760 err: 1761 if (name != NULL) 1762 sa_free_attr_string(name); 1763 if (value != NULL) 1764 sa_free_attr_string(value); 1765 } 1766 1767 /* 1768 * smb_format_resource_options(resource, hier) 1769 * 1770 * format all the options on the group into a flattened option 1771 * string. If hier is non-zero, walk up the tree to get inherited 1772 * options. 1773 */ 1774 1775 static char * 1776 smb_format_options(sa_group_t group, int hier) 1777 { 1778 sa_optionset_t options = NULL; 1779 sa_property_t prop; 1780 int sep = 0; 1781 char *buff; 1782 size_t buffsize; 1783 1784 1785 buff = malloc(OPT_CHUNK); 1786 if (buff == NULL) 1787 return (NULL); 1788 1789 buff[0] = '\0'; 1790 buffsize = OPT_CHUNK; 1791 1792 /* 1793 * We may have a an optionset relative to this item. format 1794 * these if we find them and then add any security definitions. 1795 */ 1796 1797 options = sa_get_derived_optionset(group, "smb", hier); 1798 1799 /* 1800 * do the default set first but skip any option that is also 1801 * in the protocol specific optionset. 1802 */ 1803 if (options != NULL) { 1804 for (prop = sa_get_property(options, NULL); 1805 prop != NULL; prop = sa_get_next_property(prop)) { 1806 /* 1807 * use this one since we skipped any 1808 * of these that were also in 1809 * optdefault 1810 */ 1811 smb_sprint_option(&buff, &buffsize, OPT_CHUNK, 1812 prop, sep); 1813 if (buff == NULL) { 1814 /* 1815 * buff could become NULL if there 1816 * isn't enough memory for 1817 * smb_sprint_option to realloc() 1818 * as necessary. We can't really 1819 * do anything about it at this 1820 * point so we return NULL. The 1821 * caller should handle the 1822 * failure. 1823 */ 1824 if (options != NULL) 1825 sa_free_derived_optionset( 1826 options); 1827 return (buff); 1828 } 1829 sep = 1; 1830 } 1831 } 1832 1833 if (options != NULL) 1834 sa_free_derived_optionset(options); 1835 return (buff); 1836 } 1837 1838 /* 1839 * smb_rename_resource(resource, newname) 1840 * 1841 * Change the current exported name of the resource to newname. 1842 */ 1843 /*ARGSUSED*/ 1844 int 1845 smb_rename_resource(sa_handle_t handle, sa_resource_t resource, char *newname) 1846 { 1847 int ret = SA_OK; 1848 int err; 1849 char *oldname; 1850 1851 if (!smb_isonline()) 1852 return (SA_OK); 1853 1854 oldname = sa_get_resource_attr(resource, "name"); 1855 if (oldname == NULL) 1856 return (SA_NO_SUCH_RESOURCE); 1857 1858 err = smb_share_rename(oldname, newname); 1859 1860 /* improve error values somewhat */ 1861 switch (err) { 1862 case NERR_Success: 1863 break; 1864 case NERR_InternalError: 1865 ret = SA_SYSTEM_ERR; 1866 break; 1867 case NERR_DuplicateShare: 1868 ret = SA_DUPLICATE_NAME; 1869 break; 1870 default: 1871 ret = SA_CONFIG_ERR; 1872 break; 1873 } 1874 1875 return (ret); 1876 } 1877 1878 static int 1879 smb_build_shareinfo(sa_share_t share, sa_resource_t resource, smb_share_t *si) 1880 { 1881 sa_property_t prop; 1882 sa_optionset_t opts; 1883 char *path; 1884 char *rname; 1885 char *val = NULL; 1886 1887 bzero(si, sizeof (smb_share_t)); 1888 1889 if ((path = sa_get_share_attr(share, "path")) == NULL) 1890 return (SA_NO_SUCH_PATH); 1891 1892 if ((rname = sa_get_resource_attr(resource, "name")) == NULL) { 1893 sa_free_attr_string(path); 1894 return (SA_NO_SUCH_RESOURCE); 1895 } 1896 1897 si->shr_flags = (sa_is_persistent(share)) 1898 ? SMB_SHRF_PERM : SMB_SHRF_TRANS; 1899 1900 (void) strlcpy(si->shr_path, path, sizeof (si->shr_path)); 1901 (void) strlcpy(si->shr_name, rname, sizeof (si->shr_name)); 1902 sa_free_attr_string(path); 1903 sa_free_attr_string(rname); 1904 1905 val = sa_get_resource_description(resource); 1906 if (val == NULL) 1907 val = sa_get_share_description(share); 1908 1909 if (val != NULL) { 1910 (void) strlcpy(si->shr_cmnt, val, sizeof (si->shr_cmnt)); 1911 sa_free_share_description(val); 1912 } 1913 1914 opts = sa_get_derived_optionset(resource, SMB_PROTOCOL_NAME, 1); 1915 if (opts == NULL) 1916 return (SA_OK); 1917 1918 prop = sa_get_property(opts, SMB_SHROPT_AD_CONTAINER); 1919 if (prop != NULL) { 1920 if ((val = sa_get_property_attr(prop, "value")) != NULL) { 1921 (void) strlcpy(si->shr_container, val, 1922 sizeof (si->shr_container)); 1923 free(val); 1924 } 1925 } 1926 1927 prop = sa_get_property(opts, SHOPT_RO); 1928 if (prop != NULL) { 1929 if ((val = sa_get_property_attr(prop, "value")) != NULL) { 1930 (void) strlcpy(si->shr_access_ro, val, 1931 sizeof (si->shr_access_ro)); 1932 free(val); 1933 si->shr_flags |= SMB_SHRF_ACC_RO; 1934 } 1935 } 1936 1937 prop = sa_get_property(opts, SHOPT_RW); 1938 if (prop != NULL) { 1939 if ((val = sa_get_property_attr(prop, "value")) != NULL) { 1940 (void) strlcpy(si->shr_access_rw, val, 1941 sizeof (si->shr_access_rw)); 1942 free(val); 1943 si->shr_flags |= SMB_SHRF_ACC_RW; 1944 } 1945 } 1946 1947 prop = sa_get_property(opts, SHOPT_NONE); 1948 if (prop != NULL) { 1949 if ((val = sa_get_property_attr(prop, "value")) != NULL) { 1950 (void) strlcpy(si->shr_access_none, val, 1951 sizeof (si->shr_access_none)); 1952 free(val); 1953 si->shr_flags |= SMB_SHRF_ACC_NONE; 1954 } 1955 } 1956 1957 sa_free_derived_optionset(opts); 1958 return (SA_OK); 1959 } 1960 1961 /* 1962 * smb_get_defaultgrp 1963 * 1964 * If default group for CIFS shares (i.e. "smb") exists 1965 * then it will return the group handle, otherwise it will 1966 * create the group and return the handle. 1967 * 1968 * All the shares created by CIFS clients (this is only possible 1969 * via RPC) will be added to "smb" groups. 1970 */ 1971 static sa_group_t 1972 smb_get_defaultgrp(sa_handle_t handle) 1973 { 1974 sa_group_t group = NULL; 1975 int err; 1976 1977 group = sa_get_group(handle, SMB_DEFAULT_SHARE_GROUP); 1978 if (group != NULL) 1979 return (group); 1980 1981 group = sa_create_group(handle, SMB_DEFAULT_SHARE_GROUP, &err); 1982 if (group == NULL) 1983 return (NULL); 1984 1985 if (sa_create_optionset(group, SMB_DEFAULT_SHARE_GROUP) == NULL) { 1986 (void) sa_remove_group(group); 1987 group = NULL; 1988 } 1989 1990 return (group); 1991 } 1992